Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] Limitations of command 'unset nsrp link-up-on-backup' in Transparent mode

0

0

Article ID: KB7937 KB Last Updated: 26 Mar 2021Version: 6.0
Summary:

Pair of active/passive firewalls in transparent mode are flip-flopping between primary and backup.


Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). 
Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Symptoms:

Pair of active/passive firewalls in transparent mode are flip-flopping between primary and backup.  The command 'unset nsrp link-up-on-backup' is specified in the NSRP configuration. 

When 'unset nsrp link-up-on-backup' is specified, the interface is in the Down state, and if the interface is being monitored, the state of the NSRP will change, which can end up with a NSRP flap.
 

Solution:

Limitations:
If your firewall is configured in Transparent mode, and if the NSRP command 'unset nsrp link-up-on-backup' is set, then the following commands will not work as expected.  It is not supported, per-design.

set nsrp vsd-group id <id> preempt
set nsrp vsd-group master-always-exist
set nsrp monitor interface
set nsrp monitor zone
set nsrp monitor track-ip

Note:  If the default setting 'set nsrp link-up-on-backup' is used, then the above commands are supported on a firewall in Transparent mode.
This article applies to ScreenOS 5.3.0 and above.

 

Modification History:
2021-03-24: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search